STQC Certification and CCTV
CCTV is
everywhere now, in metro stations, campuses, warehouses, and housing societies.
With that spread comes a tougher question: can you trust what’s on the pole?
The government wants a clear “yes”, which is why it’s pushing the market
towards standardized, secure-by-design products. The big lever is STQC
security certification. It’s not a nice-to-have anymore; it’s the new gate.
Manufacturers, integrators, buyers, everyone’s playbook changes in 2025.
STQC, short for Standardization Testing and Quality Certification, is overseen by the Ministry of Electronics and IT (MeitY). Think of it as a seal that says, “This device was built properly and hardened against common attacks.” For surveillance, that covers cameras, DVRs, and NVRs. It looks at product quality, cybersecurity controls, and how data is handled. In other words: fewer soft spots, fewer nasty surprises once the kit goes live.
The
Mandatory Requirement
Two dates matter. First, in June 2024, government buyers started insisting on STQC-aligned equipment. Only STQC-certified CCTV products are meant to be sold and integrated in India. No carve-outs for OEMs or import labels. No “we’ll update it later”. If it isn’t certified, it shouldn’t be on the invoice. Simple as that.
As
of April 9, 2025, STQC certification is mandatory for all CCTV
cameras manufactured, imported, or sold in India.
·
Government
Procurement: Mandatory
since June 6, 2024. Any "Made in India" CCTV procured for
government projects must strictly adhere to STQC-certified standards.
·
General
Market: All
IP-based CCTV cameras must comply by the April 2025 deadline to remain legally
available for sale.
· Full Enforcement: From April 1, 2026, no sale of non-compliant CCTV cameras will be allowed, as the previous transition relaxations have been formally withdrawn
Why
STQC is mandatory for CCTV?
The Ministry of
Electronics and IT (MeitY) made STQC (Standardisation Testing and Quality
Certification) mandatory for CCTV systems to ensure:
🔹
Quality & Safety: Cameras must work well and be safe for public use.
🔹
No Spying Risk: To avoid hidden risks like data leaks or spying through
poor-quality or foreign-controlled cameras.
🔹
Trusted Performance: STQC checks that the camera meets Indian government
standards before it’s used in sensitive places.
✅ STQC
= Government-approved safety and quality check for CCTV.
Key
Requirements for STQC Certification
This
mandate pulls the industry toward “secure by default”. Expect the following to
show up in specs and test reports:
·
Secure
boot and firmware verification so tampered code can’t sneak in.
·
No
default or hardcoded passwords; each device has its own credentials.
·
TLS
1.2+ is a modern way to encrypt streams and management communications.
·
Access
restrictions that are quite specific for local and remote logins, together with
roles and logs.
·
BIS
safety compliance (IS 13252 / IEC 60950-1) where applicable.
·
Chinese-origin
OEMs are not eligible for STQC certification.
·
Independent
testing at STQC-recognized labs, with proper documentation.
Yes, it’s technical. But it’s also practical. Locked ports. Signed updates. Patch paths that don’t open new holes. That’s how fleets stay healthy.
Who
Needs to Comply with This Mandate?
Short
answer: the entire chain.
·
Manufacturers,
Indian and international, are bringing models to market.
·
OEM
partners and importers are rebranding or expanding their ranges.
·
Distributors,
retailers, and system integrators are selling or installing systems.
·
Buyers
in public projects, smart cities, critical infrastructure, and enterprise.
If you touch CCTV in India, compliance isn’t an afterthought. It’s part of the offer.
What
Happens If You Don’t Comply?
Doors close. Non-STQC products become out of bounds for sale and use. You risk being tossed out of tenders. Licenses and approvals can be questioned. Private buyers, especially corporate security teams, will quietly pass. And the reputational hit from a failed audit? That lingers. Why roll the dice when the rules are crystal clear?
Benefits
of Using STQC-Certified CCTV Products
In short,
here’s what that certification delivers in everyday operations.
·
Stronger
cybersecurity out of the box; fewer field incidents, fewer emergency call-outs.
·
Buyer
confidence, procurement checks get easier, especially in regulated sectors.
·
Policy
alignment with Make in India and Atmanirbhar Bharat priorities.
· Lower legal and operational risk, plus a smoother path through audits and renewals.
Certification
Process for Manufacturers
To obtain
the STQC Certificate for CCTV, companies must follow a structured
procedure:
1. Technical Construction File (TCF): Submit a dossier detailing
architecture, firmware versions with hash values, and Bill of Materials (BoM)
down to the SoC level.
2. Lab Testing: Samples are sent to BIS-approved
or STQC-recognized labs for functional and cybersecurity stress tests.
3. Factory Audit: STQC authorities may inspect
manufacturing facilities to verify quality control and secure engineering
processes.
4. Labeling: Certified products must display: “This CCTV camera complies with Essential Requirement(s) for Security” on their packaging.
Essential
Security Requirements (ER 01:2024)
The Standardisation
Testing and Quality Certification (STQC) Directorate validates cameras
against Essential Requirements (ER). These are not optional
features but mandatory engineering controls:
·
No
Hardcoded Passwords: Each
device must have unique credentials; "admin/admin" defaults are
prohibited.
·
Secure
Boot & Firmware: The
camera verifies its own software integrity every time it starts up. Only
cryptographically signed firmware can run, so nobody can inject malicious code.
·
Encryption: Mandatory use of TLS
1.2+ for streaming and management data to prevent interception.
·
Physical
Security: Requirements
for tamper-resistant enclosures and locked physical ports (like UART or JTAG).
·
Data
Sovereignty: Prevents
sensitive surveillance data from being transmitted to unauthorized foreign
servers. Manufacturer debugging interfaces must be shut down before the camera
leaves the factory. Open debug ports are one of the most common entry points
for hackers.
·
Vulnerability
disclosure policy –
Brands must maintain a formal process for reporting and patching security
flaws. This means ongoing accountability, not just a one-time test.
· Supply chain transparency – Manufacturers must declare the origin of chipsets, PCBs, and processors. Think of it like ingredient labelling on food; now the government checks where your camera's brain comes from.
Impact
of Non-Compliance
Failure to
meet these standards results in significant market restrictions:
·
License
Cancellation: Existing
BIS licenses may be suspended or cancelled.
·
Customs
Delays: Imported
units lacking certification are often stalled at ports.
· Tender Disqualification: Non-compliant brands are excluded from lucrative smart city and public infrastructure projects
How
to Verify a Specific Model
Certification
is awarded at the model level, not just the brand level. You can
verify a specific camera by:
1. Checking the Packaging: Look for the mandatory
text: "This CCTV camera complies with Essential Requirement(s) for
Security".
2. Official Portal: Visit the STQC Certified
Products List and search by manufacturer name or certificate number.
Understanding
BIS ER Approval
Until recently, a CCTV camera only needed to pass a basic electrical safety test (IS 13252) to be sold in India. That test checked whether the camera was safe to plug in: protection against electric shock, insulation, and fire hazards. That's it.
Alongside
STQC, BIS ER (Bureau of Indian Standards – Electronics Registration) approval
is another essential regulatory requirement for electronic surveillance
equipment sold in India.
The BIS ER approval indicate strengthens trust among distributors, channel partners, and enterprise buyers who prioritize regulatory compliance during vendor evaluation.
What BIS
ER Approval Ensures
·
Conformity
to Indian safety standards
·
Electrical
safety compliance
·
Product
testing through recognized labs
· Mandatory registration before market sale
Key
Aspects of BIS-ER-01 Certification
·
Objective: Adds a mandatory cybersecurity
layer to existing electrical safety standards for IP cameras and security
equipment.
·
Mandatory
Status: Essential
for legal sale or import of surveillance products in India.
·
Testing
Focus: Evaluates
debug interfaces, password complexity, and access controls.
·
Deadline/Timeline: The deadline for implementation
was April 9, 2025.
· Application: Often involves collaboration with BIS-designated labs for testing and submission through official channel
BIS
guidelines are listed below to comply with the Essential Requirements for CCTV
Cameras.
While
some of it may sound complicated, not to worry, we are here to simplify it for
you. Email us or call us – we are happy to discuss and guide you
·
Existing
licensees of ‘CCTV Cameras’ as per IS 13252 (Part 1) : 2010/ IEC 60950-1 : 2005
o Existing licensees of CCTV Cameras
shall apply online through the “Apply for Standard Revision/ Amendment/
Essential Requirement” module along with test report for ER: 01.
o Applicable Fees:
§ Inclusion test report: INR 30,000/- +
applicable taxes per test report
§ Additional test report: INR 20,000/- +
applicable taxes per test report
o All non-compliant models shall be
deleted from the scope of License and registration shall be liable for
cancellation after 09 April 2025.
·
New
Applicants of CCTV Cameras:
o Applications for CCTV Cameras may be
submitted along with test report for ER: 01 in addition to test report as per
IS 13252 (Part 1): 2010.
o Processing of Applications without
test report for ER: 01 shall be permitted only upto 09 April 2025.
o In case of above point no. 3 (B) (ii),
a declaration from the applicant will also be required to submit that they will
implement the revised Standard by 09 April 2025.
o Beyond 09 April 2025, above point no.
3 (B) (ii) will not be valid and registration will not be granted to such
applications which are not complying with ER: 01
·
Change
in Scope of License:
o Inclusion applications for CCTV
Cameras may be submitted along with test report for ER: 01 in addition to test
report as per IS 13252 (Part 1): 2010.
o Processing of Applications without
test report for ER: 01 shall be permitted only upto 09 April 2025.
o In case of above point no. 3 (C) (ii),
a declaration from the applicant will also be required to submit that they will
implement the revised Standard by 09 April 2025.
o Beyond 09 April 2025, above point no.
3 (C) (ii) will not be valid and registration will not be granted to such
applications which are not complying with ER: 01.
o Existing Licensees shall not use the
Inclusion module to apply for implementation of Essential requirements of
registered models. Instead, they may use the module as already mentioned in 3
(A)(i).
·
Models
complying with the above Order may display the following on the packaging:
“This CCTV camera complies with Essential Requirement(s) for
Security”.
· Provision for generating Test Request for ER for Security of CCTV– ER: 01 has been made live on BIS Portal.
STQC
vs BIS ER – Which One Do You Need?
In today’s regulatory
environment, certifications are not just about compliance—they’re about trust,
credibility, and market access. Two certifications that often create confusion
are STQC (Standardisation Testing & Quality Certification) and BIS ER (Bureau
of Indian Standards – Essential Requirements). While both deal with product
quality and safety, their application areas and target customers differ
significantly.
STQC (Standardisation Testing & Quality Certification)
• Primary Customers: Government
departments, PSUs, and organizations working on e-Governance, IT
infrastructure, and software/hardware systems.
• Focus: IT systems, biometric devices,
smart cards, e-sign, and other digital infrastructure components.
• Why It’s Needed: Many government
tenders and projects mandate STQC certification to ensure reliability,
interoperability, and adherence to national security/quality standards.
BIS-ER ( Bureau of Indian Standards – Essential Requirements)
• Primary Customers: Private
manufacturers, importers, and businesses selling electronic/IT products in the
Indian market.
• Focus: Consumer electronics, IT
equipment, household gadgets, and other electronic products listed under the
Compulsory Registration Scheme (CRS).
• Why It’s Needed: BIS ER is mandatory
for commercial sale in India—without it, businesses cannot legally sell or
market their products.
In simple terms
• Government Projects →
STQC Certification (trust + compliance in IT/e-governance ecosystem).
• Market Access (Retail/Commercial) →
BIS ER Certification (legally required for selling electronic products in
India).
The government gave the industry time to prepare. New BIS licences without ER-01 compliance stopped being issued from April 9, 2025. Brands that didn't get certified could sell existing warehouse stock for a while, but that grace period is now over.
From April 1, 2026, selling a non-compliant camera in India carries fines of up to 10× the product's value and up to 2 years in prison. BIS is already raiding warehouses.
Existing cameras already installed in your home or office are unaffected. The rule targets new sales, not existing use. And analog cameras are exempt; this applies only to IP (network-connected) cameras.
